0 Replies Latest reply on Oct 20, 2013 5:57 AM by Robin Huiser

    AssertionConsumerService and AttributeConsumingService not part of AuthnRequest

    Robin Huiser Newbie

      Hi all,

       

      We are using JBoss 5.1.2 EAP and PicketLink 2.1.8 for our SP applications.

      PicketLink is configured to use signed HTTP-POST for AuthnRequest. This all works fine.

       

      In the metadata I've configured the following for the SP:

       

      <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext">

           <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>

           <AssertionConsumerService Location="http://host:8180/myapp/" index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>

           <AttributeConsumingService index="1">

             <ServiceName xml:lang="en">My Test App</ServiceName>

             <ServiceDescription xml:lang="en">A description.</ServiceDescription>

           </AttributeConsumingService>

      </SPSSODescriptor>

       

      I would expect to have the AssertionConsumerServiceIndex and AttributeConsumingServiceIndex as part of the AuthnRequest, but it isn't.

       

      What am I doing wrong here?

       

      Thanks in advance,

      Robin Huiser